Debunking email hoaxes and exposing Internet scams since 2003!

Hoax-Slayer Logo Hoax-Slayer Logo

DividerDivider
Home    About    New Articles    RSS Feed    Subscriptions    Contact
DividerDivider
Bookmark and Share









Paypal Primary Email Address Change Phishing Scam

Summary:
Email, purporting to be from PayPal, claims that the recipient's primary email address has changed and urges him or her to click a link in the message if the address change was unauthorised (Full commentary below).



Status:
Email is a scam designed to steal financial information

Example:(Received, October 2009)
The primary email for your PayPal account was changed

Dear Client,

The primary email for your PayPal account was changed on Oct. 22, 2009.

If you did not authorize this change, please contact us using the link below and undo the changes:

[Link to bogus website removed]

Thank you for using PayPal!
The PayPal Team
For more information on protecting yourself from fraud, please review the Security Tips in our Security Center.

PayPal Email ID PP234




Commentary:
This email, which purports to be from online payment and transaction service PayPal, informs the recipient that his or her primary PayPal address has been changed. It instructs the recipient to follow a link in the message to contact PayPal in the event that the recipient did not authorize the email address change.

However, the message is not from PayPal. In fact, the email is just one more in a long line of scams that have targeted PayPal users. The claim that the PayPal user's primary email address has been changed is a lie designed solely to trick him or her into clicking the link in the message and supplying personal information. Those who do click the link will be taken to a bogus website that looks very similar to the legitimate PayPal login page. If the user then logs on to the bogus page with his or her Paypal address and password, scammers will be able to collect this information and subsequently access the user's real PayPal account. Other pages on the bogus site might request the victim to supply even more personal and financial information such as contact and employment details, bank account details and credit card numbers.

Any and all information submitted on the bogus website can be collected by Internet criminals and used for financial fraud and identity theft.

Because it conducts most of its business online, and normally communicates with customers via email, PayPal has become a favourite target of phishing scammers. PayPal will never use generic greetings such as "Dear Client" in its emails to customers nor will it ask customers to provide personal information such as bank or credit card numbers via email. PayPal has published information about phishing scams on its website.

If you receive a suspect email, do not click on any links in the message or open any attachments that it may contain. If you do get an email that claims to be from PayPal, the safest course of action is to open your web browser and type in the legitimate PayPal web address to ensure that you are not inadvertently logging on to a bogus, look-a-like website designed to steal your information.

For more information about phishing scams, see:
Phishing Scams - Anti-Phishing Information






References:
PayPal - Phishing Guide
Phishing Scams - Anti-Phishing Information

Last updated: 27th October 2009
First published: 27th October 2009

Write-up by Brett M. Christensen